AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate. But ANSI extension's of utf8 support is still incomplete:
$ openssl x509 -text -in localhost-server.crt Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root@localhost Validity Not Before: Feb 6 08:28:23 2015 GMT Not After : Sep 15 08:28:23 2020 GMT Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache@localhost … (not attaching exanple certificate file because mail list seems to reject such letters) displays utf8 symbol codes instead of expected human-readably letters (in this case — cyrillic), shown after import this certificate into browser's profile. Probably adding -utf8 option for x509 command should fix this particular issue. P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
